Web service Security using X.509 certificate

Similar Messages

• Web Service Security using OpenSSO

  Hi,
  I have a question regarding the usage of the OpenSSO in order to secure web services.
  I have read the documentation and it states the OpenSSO enables web service security.
  However, in the docs the main scenario is where the WSC and WSP are protected by the agent.
  In my scenario, I would like to use agents only on the WSP side, but leave the implementation of the client side open to the partners. Partners will have the interface from the OpenSSO for the authentication and saml token retrieval. The client will have to create soap by itself. This is the case since the WSC are to be standalone applications on client computers.
  To set the actual question; what are web service interfaces that OpenSSO as a STS offers for authentication and saml token issuance. Is there same sort of a referential architecture for this case where only the STS and WSP can be configured and the WSC implementation of the WSS left to the partner. Any pointers and directions would be appreciated.
  Thanks!

  Hi
  Thanks for your reply
  I downloaded OC4J 10.1.2.0.2 and ran it as as a standalone server.
  I read the blog you linked and made the changes to the web.xml for the webservice. All of which I was able to do using the property palette in jdev 10.1.2.1.0.
  I deployed my webservice to my oc4j standalone server and it appeared as a new application. I editied the orion-web.xml for the new application manually.
  When I point my browser at the webservice I get the test page which allows me to pass parameters to the webserive. I invoke the webservice (which does a HTTP GET according to the test page) and the webservice runs. No user and password is needed though.
  What is the expected behaviour? I was hoping that the webservice wouldn't run until I supplied the admin user name and password
  paul

• Web Services Security using X509 certificate

  Hi,
  I have secured a web service using X509 certificate. i also secured the proxy of it but when i run the proxy client it says.
  javax.security.auth.login.LoginException: Cannot authenticate X509 certificate, User CN=Sam, OU=Technology, O=FS, L=Dallas, ST=Texas, C=US does not exist in our system
  Any idea on this. Do i need to configure the X509 certificate in the server. I am using Oracle SOA Suite and JDeveloper 10.1.3.1
  Thanks

  Hi,
  I have secured a web service using X509 certificate. i also secured the proxy of it but when i run the proxy client it says.
  javax.security.auth.login.LoginException: Cannot authenticate X509 certificate, User CN=Sam, OU=Technology, O=FS, L=Dallas, ST=Texas, C=US does not exist in our system
  Any idea on this. Do i need to configure the X509 certificate in the server. I am using Oracle SOA Suite and JDeveloper 10.1.3.1
  Thanks

• Web Services Security using JDeveloper 10.1.3.1

  Hi,
  I would need some tutorial to secure a web service using X.509 Digital Certificate. I could find a tutorial on Text Password but not X.509.
  In fact i tried X.509 with a sample web service but getting following error. So any tutorial on this would be great helpful..Thanks
  oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: An invalid token was provided
       at oracle.security.wss.interceptors.AbstractSecurityInterceptor.throwSOAPFaultException(AbstractSecurityInterceptor.java:225)
       at oracle.security.wss.interceptors.AbstractSecurityInterceptor.handleOutbound(AbstractSecurityInterceptor.java:199)
       at oracle.security.wss.interceptors.ClientInterceptor.handleRequest(ClientInterceptor.java:48)
       at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleRequest(InterceptorChainImpl.java:124)
       at oracle.j2ee.ws.common.mgmt.runtime.AbstractInterceptorPipeline.handleRequest(AbstractInterceptorPipeline.java:87)
       at oracle.j2ee.ws.client.StubBase._preRequestSendingHook(StubBase.java:698)
       at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:147)
       at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
       at helloworldproxy1.proxy.runtime.HelloWorldWebServiceSoapHttp_Stub.sayHello(HelloWorldWebServiceSoapHttp_Stub.java:77)
       at com.HelloWorldWebServiceSoapHttpPortClient.sayHello(HelloWorldWebServiceSoapHttpPortClient.java:41)
       at com.HelloWorldWebServiceSoapHttpPortClient.main(HelloWorldWebServiceSoapHttpPortClient.java:29)
  Caused by: FAULT CODE: InvalidSecurity FAULT MESSAGE: An invalid token was provided
       at oracle.security.xmlsec.wss.WSSecurity.sign(Unknown Source)
       at oracle.security.wss.WSSecurity.sign(WSSecurity.java:2177)
       at oracle.security.wss.WSSecurity.build(WSSecurity.java:1903)
       at oracle.security.wss.interceptors.AbstractSecurityInterceptor.handleOutbound(AbstractSecurityInterceptor.java:189)
       ... 9 more
  Caused by: oracle.security.xmlsec.dsig.SigningException
       at oracle.security.xmlsec.dsig.XSSignature.computeSignature(Unknown Source)
       at oracle.security.xmlsec.dsig.XSSignature.sign(Unknown Source)
       ... 13 more
  Caused by: oracle.security.crypto.core.InvalidKeyException
       at oracle.security.crypto.core.RSAMDSignature.setPrivateKey(RSAMDSignature)
       ... 15 more

  I am also having the same problem. Calling a web service inside JDeveloper 10.1.3.3 works fine. When I deploy to a jar file and include all Jars that the dependency analyzer identifies, the following error occurs:
  standard type mapping initialization error: javax.xml.rpc.JAXRPCException: javax
  .xml.soap.SOAPException: Unable to create SOAP Factory: Provider com.sun.xml.messaging.saaj.soap.ver1_1.SOAPFactory1_1Impl not found
  Your work around defining Java system properties does work, but why do we need to do this using the Oracle SOAP stack?
  If there are alternatives to this problem please share. Thank you.

• Web service security using Jdev 10.1.2.0.2

  Hi
  I am currently developing our first web service. It is based on a pl/sql procedure. We are using App server 10.1.2.0.2 and Jdev 10.1.2.0.2.
  I found this document
  http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html
  However it is based on JDev 10.1.3. I managed to create the webservice and set security settings in Jdev 10.1.3 however I had problems when creating an app server connection. And the web service would not deploy to our 10.1.2.0.2 app server.
  Are there any security options available when creating web services in Jdev 10.1.2.0.2? Is it expected that Jdev 10.1.3 won't be able to deploy to our 10.1.2.0.2 app server?
  thanks
  paul schweiger
  Message was edited by:
  [email protected]
  Message was edited by:
  [email protected]

  Hi
  Thanks for your reply
  I downloaded OC4J 10.1.2.0.2 and ran it as as a standalone server.
  I read the blog you linked and made the changes to the web.xml for the webservice. All of which I was able to do using the property palette in jdev 10.1.2.1.0.
  I deployed my webservice to my oc4j standalone server and it appeared as a new application. I editied the orion-web.xml for the new application manually.
  When I point my browser at the webservice I get the test page which allows me to pass parameters to the webserive. I invoke the webservice (which does a HTTP GET according to the test page) and the webservice runs. No user and password is needed though.
  What is the expected behaviour? I was hoping that the webservice wouldn't run until I supplied the admin user name and password
  paul

• Problem creating web service client using WSM Policies

  Hello everyone,
  I'm trying to make a simple java client to a Web Service secured using a WSM 11gR1 policy (from Soa Suite 11.1.1.2.0). The policy on the server side is oracle/wss11_x509_token_with_message_protection_service_policy which I attached via the Weblogic Admin Console. To implement the client I'm trying to follow the instructions from this documentation: http://download.oracle.com/docs/cd/E15523_01/web.1111/e13713/owsm_appendix.htm#WSSOV386 section "Policy Configuration Overrides for the Web Service Client" and also I'm using OEPE 11.1.1.3.0 (Eclipse 3.5.0) to develop the client. The only weblogic jar I've added to the build path is the weblogic.jar . Unfortunately, the oracle.wsm.security.util.SecurityConstants.ClientConstants interface (used in the example A-6) is not included in this jar and I have no idea what other libraries should I include in order to follow the example. I tried manualy adding other jars but without success. In fact I found one jar which includes this interface, the wsm-secpol.jar but it does not have the properties described in the documentation, so I guess it's not the right jar, and also I don't think this is the right procedure since there might be another dependent jars. So I would like to know what libraries exactly I should add to the build path (or some other procedure if you noticed I'm doing anything wrong)
  Thank you !

  Hi
  I am having the same problem almost where i wrote a client to comsume a JWS server in https. Where the server is setup to require a certificate to connect to.
  My code:
  public static void main(String[] args) {
  try {
  DataBaseSyncServerImpl port = new DataBaseSyncServerImplService().getDataBaseSyncServerImplPort();
  int number1 = 20;
  int number2 = 10;
  System.out.printf("Invoking divide method(%d, %d)\n", number1, number2);
  double result = port.divide(number1, number2);
  System.out.printf("The result of dividing %d and %d is %f.\n\n", number1, number2, result);
  when run this code throw
  run:
  [java] Invoking divide method(20, 10)
  [java] Exception in thread "main" javax.xml.ws.WebServiceException: HTTP transport error: javax.net.ssl.SSLHandshak
  eException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCert
  PathBuilderException: unable to find valid certification path to requested target
  Does any one know how can I solve this problem or how can I make the client be able to use self signed certificates. Any help is greatly apprecited. Thanks

• SOAP Request with Web Service Security

  Hi masters of XI,
  the Oasis standard for web services security saids that exists three levels of security for web services, at higher level is Encryption, middle level is signature and at lower level is authentication with username and password inside the soap envelope.
  I need to do a SOAP Request signed with a X.509 certificate and username and password too in SAP PI 7.0 SP11. I can sign the request with X.509 certificate without problems but i can't authenticate the request with username and password in usernametoken element like saids the Oasis standard
  <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>XXXX</wsse:Username>
  <wsse:Password>XXXXXXXXX</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  How can we send UserNameToken's elements inside SOAP web service envelope
  signing with X.509 certificate also? There are any way to do it in the
  receiver agreement or receiver SOAP adapter?
  thanks.

  Hi,
  thank you very much for your answers.
  I have solved the SSL comunication and i can sign with X.509 certificates. My problem is that in the SOAP envelope of resquest signed only travels the X.509 certificate and I need to send the username security token (wsse:UsernameToken) also.
  <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>XXXX</wsse:Username>
  <wsse:Password>XXXXXXXXX</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  I can't find the solution to do it. The Netweaver documentation says that Netweaver is able to sign SOAP request with X.509 certificates and is able too for using UsernameToken as part of Oasis standard for web service security. In abap stack of NW you can assign a security profile to a web service call for signing the message or authenticate it with username/password inside SOAP envelope, but in java stack of XI i think that there is no way to do it.
  This is my Request:
  <?xml version="1.0" encoding="utf-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#id-104309952">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference URI="#Timestamp-104310599">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
          <ds:KeyInfo Id="KeyId-104377209">
            <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
              <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>     
        <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
          <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
          <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>
  And this is the request I need:
  <?xml version="1.0" encoding="utf-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#id-104309952">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference URI="#Timestamp-104310599">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
          <ds:KeyInfo Id="KeyId-104377209">
            <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
              <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>
  <!-- THIS IS THE PART I NEED -->
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-104312926">
          <wsse:Username>xxxxxxx</wsse:Username>
          <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
        </wsse:UsernameToken>
  <!--  -->
  <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
          <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
          <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>

• Details for 'Is Web service security available?'

  Hi i am working on scenario rfc to webservice.Its as secued webserivce i need to do ssl configuration.
  In component monitoring..for the integration engine its in yellow...
  Details for 'Is Web service security available?'
  Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client)
  can any one please help me out..
  Thanks
  sriram

  I have already installed certificates on the j2ee engine & i have given the paramaters for keystore entry & keystore value.Still i have the same error
  In component monitoring
  For integration engine
  Details for 'Is Web service security available?'
  Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client) 
  In message monitoring
  Audit Log for Message: f614df00-e9e0-11da-95ef-0004ac577b32
  Time Stamp Status Description
  2006-05-22 15:18:58 Success The message was successfully received by the messaging system. Profile: XI URL: http://saptst01:51000/MessagingSystem/receive/AFW/XI
  2006-05-22 15:18:58 Success Using connection AFW. Trying to put the message into the request queue.
  2006-05-22 15:18:58 Success Message successfully put into the queue.
  2006-05-22 15:18:58 Success The message was successfully retrieved from the request queue.
  2006-05-22 15:18:58 Success The message status set to DLNG.
  2006-05-22 15:18:58 Success Delivering to channel: ZCH_VERISIGNPPGR
  2006-05-22 15:18:58 Success SOAP: request message entering the adapter
  2006-05-22 15:18:58 Success SOAP: call failed
  2006-05-22 15:18:58 Error SOAP: error occured: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: illegal parameter
  2006-05-22 15:18:58 Error Exception caught by adapter framework: Peer sent alert: Alert Fatal: illegal parameter
  Can any one please help me out.
  Thanks
  sriram

• Is Web service security available?

  Dear Experts,
      In RWB, when i click on Integration Engine(in component monitoring) i get a yellow triangle next to it instead of green. Result of self test says that
  Is Web service security available?
  "Communication error Proxy calls are not permitted on sender or receiver side on the IS (client)".
  Can u guys tell me the reason behing this.
  Thanks & regards.

  Hi,
  Check if you have selected any security level for the WebService or may be it is across the firewall. Probably you need to install the related certificates and have to configure the SSL layer.
  refer
  You need to setup SSL layer for HTTPS endpoint.
  Possible HTTP security levels are (in ascending order):
  HTTP without SSL
  HTTP with SSL (= HTTPS), but without client authentication
  HTTP with SSL (= HTTPS) and with client authentication
  Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS server. If not already done, you have to import a certificate generated by a trusted CA identifying the SAP Web AS. In addition, you have to enable the HTTPS port in the ICM (Internet Communication Manager).
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
  General guide
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9
  Message level security
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
  Thanks
  Swarup

• Web Services Security Sample

  I colud not understand that:
  "9.The mail also contains links to the Root Certificate using whose key your Certificate was signed. Follow the link and click Accept. This install the root
  certificate in your browser.(Use Internet Explorer)."
  in the Web Services Security Sample Installation.
  Is there clear info for this and "Get a Client Certificate"?
  Thanks...

  When you get the certificate client certificate from Verisign( or any certificate authority), you also need a root certificate from Verisign which says that this client certificate was given by Verisign.
  When you provide all your info to Verisign (along with certificate request) you get the client certificate to your email address (which you gave to Verisign for sending certificate). This email address also contains the link to root address which you need to obtain in order to validate your certificate. Follow the link and do as instructed to import the root certificate in Internet Explorer. The root certificate will be imported into IE with the name "VeriSign authorized testing only.No assurances" in "Trusted Root Certificate Authorities tab"
  Your Oracle Wallet manager, Internert Explorer etc will accept and use the client certificate only if the corresponding root certificate is present.
  Hope this clarifies the doubt.
  Chandar

• How to make my Portal Web Service SECURED?

  Hi Experts,
  I created one portal Service and exposed it as Portal Web Service.
  Everything is working fine, as i deployed my Portal Web Service on to the SAP J2EE Engine ie SAP Server.
  I m able to access functions of Web Service from my StandAlone Java Application.
  but the problem is my Web Service is not SECURED.
  How can i make my Portal Web Service SECURED?
  Please help me out.
  Help will be appreciated and rewarded!!!!!

  user13046122 wrote:
  I have an old pl/sql "helper" package, originally written to make SOAP Web Service calls from the database - it uses UTL_HTTP to invoke the target services.
  I now need to make SOAP Web Service calls - from an 8.1.7.4 database
  But the version of UTL_HTTP inside 8.1.7.4 does not contain the functions needed in the helper package
  Can anybody suggest a means of making SOAP Web Service calls from an 8.1.7.4 database ?I think you'll be very lucky to find anyone here who still has access to a version of Oracle that is that old.... I mean... that's like what? 15 years old at least? I'm surprised you've still got hardware that can run that.
  It would probably help if you could post what code you've got and explain which function(s) it's complaining about, as I doubt people will want to guess.

• Web Service Security Question

  I have created a web service in the NetWeaver portal using a Portal Service.  I have marked the service as requiring basic http authentication.  However, when I call the web service from the Enterprise Portal Web Services Checker in NWDS it just let's me supply the params of the web service and no authentication.  Any ideas?
  I also noticed that my web service does not appear under the Web Services Container or Web Services Security section in Visual Administrator.  Anybody have any idea why this is?
  Thanks in advance.
  Curtis

  Hi Curtis,
  My guess is that since you are logged into the Portal while calling this web service, it will use the current session cookie to authenticate automatically. I'm not sure on the second question, tried a restart?
  Regards,
  Raj

• Web Service Security with SAML - Invalid XML signature

  Hello together,
  we want to build a scenario where we want to use Web Service Security  with SAML.
  The scenario will be
  WS Client (Java Application) -> WS Adapter -> Integration Engine ->  WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
  SAP PI release is 7.11 (SP Level 4)
  We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
  The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
  But we get following error at calling the CRM system when we want to communicate with SAML:
    <E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
  Has somebody an idea of the possible reason for the error.
  Thanks in advance
  Stefan

  Error Messages in the Trace/Log Viewer:
  CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
  A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48  with internal error id 1001  and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1  ).
  Invalid XML signature

• How to invoke a web service asynchronously using ws-addressing model?

  Hi Gurus,
  We are invoking an external web service asynchronously using Oracle Work Flow Business events using the following mechanism -
  1)Created a web service invoker event to invoke the web service.
  2)Created a subscription that invokes the web service (provided the wsdl address, operation info).
  3)Defined a subscription parameter WFBES_CALLBACK_EVENT with value pointing to a recieve event.
  4)Created a receive event(parameter value for WFBES_CALLBACK_EVENT) and a subscription that directs the response to a custom PL/SQL function to process response.
  so far so good. We were able to invoke the web service and get and process the response.
  Problem: The external web service can take upto 10 hrs to process the request. A time out of 2 hrs is set on the server hosting the external web service. So when the external web service takes more than 2 hrs to process the request and it times out and we get the following error on EBS side -
  'l_error_message:oracle.apps.fnd.wf.bes.InvokerException: HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: oracle.j2ee.ws.saaj.ContentTypeException: Not a valid SOAP Content-Type: text/html; charset=iso-8859-1'
  Now the external web service providers are suggesting that we are not calling their web service asynchronously and we should use ws-addressing model to do so.
  Is there a way to invoke this web service using ws-addressing model using business events or from PL/SQL or OA middle-tier?
  Regards,
  Sunil
  CMRO Development.
  I am providing here the WSDL of the external web service -
  <?xml version="1.0" encoding="UTF-8"?>
  <wsdl:definitions targetNamespace="http://service.sdk.webservices.enigma.com" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:ns1="http://org.apache.axis2/xsd" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:ax21="http://service.sdk.webservices.enigma.com/xsd" xmlns:ns="http://service.sdk.webservices.enigma.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
  <wsdl:types>
  <xs:schema attributeFormDefault="qualified" elementFormDefault="qualified" targetNamespace="http://service.sdk.webservices.enigma.com/xsd" xmlns:ax22="http://service.sdk.webservices.enigma.com">
  <xs:import namespace="http://service.sdk.webservices.enigma.com"/>
  <xs:complexType name="JCGWebServicesException">
  <xs:complexContent>
  <xs:extension base="ax22:Exception">
  <xs:sequence>
  <xs:element minOccurs="0" name="id" nillable="true" type="xs:string"/>
  <xs:element minOccurs="0" name="message" nillable="true" type="xs:string"/>
  </xs:sequence>
  </xs:extension>
  </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="JCGServiceReply">
  <xs:sequence>
  <xs:element maxOccurs="unbounded" minOccurs="0" name="pdfStatus" nillable="true" type="ax21:PdfStatus"/>
  </xs:sequence>
  </xs:complexType>
  <xs:complexType name="PdfStatus">
  <xs:sequence>
  <xs:element minOccurs="0" name="jobCardID" nillable="true" type="xs:string"/>
  <xs:element minOccurs="0" name="pdfPath" nillable="true" type="xs:string"/>
  <xs:element minOccurs="0" name="status" nillable="true" type="xs:string"/>
  </xs:sequence>
  </xs:complexType>
  </xs:schema>
  <xs:schema attributeFormDefault="qualified" elementFormDefault="qualified" targetNamespace="http://service.sdk.webservices.enigma.com" xmlns:ax23="http://service.sdk.webservices.enigma.com/xsd">
  <xs:import namespace="http://service.sdk.webservices.enigma.com/xsd"/>
  <xs:complexType name="Exception">
  <xs:sequence>
  <xs:element minOccurs="0" name="Exception" nillable="true" type="xs:anyType"/>
  </xs:sequence>
  </xs:complexType>
  <xs:element name="JCGWebServicesException">
  <xs:complexType>
  <xs:sequence>
  <xs:element minOccurs="0" name="JCGWebServicesException" nillable="true" type="ax21:JCGWebServicesException"/>
  </xs:sequence>
  </xs:complexType>
  </xs:element>
  <xs:element name="runJobCard">
  <xs:complexType>
  <xs:sequence>
  <xs:element minOccurs="0" name="a_WorkpackageFilePath" nillable="true" type="xs:string"/>
  <xs:element minOccurs="0" name="a_userName" nillable="true" type="xs:string"/>
  </xs:sequence>
  </xs:complexType>
  </xs:element>
  <xs:element name="runJobCardResponse">
  <xs:complexType>
  <xs:sequence>
  <xs:element minOccurs="0" name="return" nillable="true" type="ax21:JCGServiceReply"/>
  </xs:sequence>
  </xs:complexType>
  </xs:element>
  </xs:schema>
  </wsdl:types>
  <wsdl:message name="JCGWebServicesException">
  <wsdl:part name="parameters" element="ns:JCGWebServicesException">
  </wsdl:part>
  </wsdl:message>
  <wsdl:message name="runJobCardResponse">
  <wsdl:part name="parameters" element="ns:runJobCardResponse">
  </wsdl:part>
  </wsdl:message>
  <wsdl:message name="runJobCardRequest">
  <wsdl:part name="parameters" element="ns:runJobCard">
  </wsdl:part>
  </wsdl:message>
  <wsdl:portType name="JCGServicePortType">
  <wsdl:operation name="runJobCard">
  <wsdl:input message="ns:runJobCardRequest" wsaw:Action="urn:runJobCard">
  </wsdl:input>
  <wsdl:output message="ns:runJobCardResponse" wsaw:Action="urn:runJobCardResponse">
  </wsdl:output>
  <wsdl:fault name="JCGWebServicesException" message="ns:JCGWebServicesException" wsaw:Action="urn:runJobCardJCGWebServicesException">
  </wsdl:fault>
  </wsdl:operation>
  </wsdl:portType>
  <wsdl:binding name="JCGServiceSoap11Binding" type="ns:JCGServicePortType">
  <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
  <wsdl:operation name="runJobCard">
  <soap:operation soapAction="urn:runJobCard" style="document"/>
  <wsdl:input>
  <soap:body use="literal"/>
  </wsdl:input>
  <wsdl:output>
  <soap:body use="literal"/>
  </wsdl:output>
  <wsdl:fault name="JCGWebServicesException">
  <soap:fault name="JCGWebServicesException" use="literal"/>
  </wsdl:fault>
  </wsdl:operation>
  </wsdl:binding>
  <wsdl:binding name="JCGServiceSoap12Binding" type="ns:JCGServicePortType">
  <soap12:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
  <wsdl:operation name="runJobCard">
  <soap12:operation soapAction="urn:runJobCard" style="document"/>
  <wsdl:input>
  <soap12:body use="literal"/>
  </wsdl:input>
  <wsdl:output>
  <soap12:body use="literal"/>
  </wsdl:output>
  <wsdl:fault name="JCGWebServicesException">
  <soap12:fault name="JCGWebServicesException" use="literal"/>
  </wsdl:fault>
  </wsdl:operation>
  </wsdl:binding>
  <wsdl:service name="JCGService">
  <wsdl:port name="JCGServiceHttpSoap12Endpoint" binding="ns:JCGServiceSoap12Binding">
  <soap12:address location="http://localhost:8080/JCG/services/JCGService"/>
  </wsdl:port>
  <wsdl:port name="JCGServiceHttpSoap11Endpoint" binding="ns:JCGServiceSoap11Binding">
  <soap:address location="http://localhost:8080/JCG/services/JCGService"/>
  </wsdl:port>
  </wsdl:service>
  </wsdl:definitions>
  Edited by: sikumar on Jun 22, 2010 1:50 PM

  Bharat,
  You dont need a Business Event setup to invoke a BPEL process from PL/SQL unless you have a special case and you need to process the response from the BPEL process in a separate thread (or in background)..
  For a straight call to BPEL process from PL/SQL, here is a sample script -
  function "MYTEST0" return varchar2 AS
  soap_request varchar2(30000);
  soap_respond varchar2(30000);
  http_req utl_http.req;
  http_resp utl_http.resp;
  resp XMLType;
  i integer;
  helpStr varchar2(30000);
  BEGIN
  soap_request:= '<?xml version = ''1.0'' encoding = ''UTF-8''?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ns0="
  http://xmlns.oracle.com/TestWS">
  <env:Body>
  <ns0:TestWSProcessRequest>
  <ns0:input>abc</ns0:input>
  </ns0:TestWSProcessRequest>
  </env:Body>
  </env:Envelope>
  /* the BPEL process name is TestWS */
  http_req:= utl_http.begin_request
  ( 'http://hostname:7777/orabpel/default/TestWS/1.0'
  , 'POST'
  , 'HTTP/1.1'
  utl_http.set_header(http_req, 'Content-Type', 'text/xml');
  utl_http.set_header(http_req, 'Content-Length', length(soap_request));
  utl_http.set_header(http_req, 'SOAPAction', 'process');
  utl_http.write_text(http_req, soap_request);
  http_resp:= utl_http.get_response(http_req);
  utl_http.read_text(http_resp, soap_respond);
  utl_http.end_response(http_resp);
  resp:= XMLType.createXML(soap_respond);
  resp:= resp.extract('/soap:Envelope/soap:Body/child::node()',
  'xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"');
  helpStr := '';
  i:=0;
  loop
  helpStr := helpStr || substr(soap_respond,1+ i*255,250);
  i:= i+1;
  if i*250> length(soap_respond)
  then
  exit;
  end if;
  end loop;
  return helpStr;
  END;

• Oracle Database Web Service Client using UTL_DBWS :: ORA-29532 Error

  Hi,
  I have the Oracle Database 10.2.0.1.0 :-
  SQL> select * from v$version;
  BANNER
  Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
  PL/SQL Release 10.2.0.1.0 - Production
  CORE    10.2.0.1.0      Production
  TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
  NLSRTL Version 10.2.0.1.0 - ProductionI have written a simple Web Services Client using the classes gfrom the UTL_DBWS package. I loaded the JAR file dbwsclient.jar in the SYS Schema and I am trying to use it in the USF Schema.
  However, I have hit this error & I ma unable to proceed :-
  SQL>  select get_stock_price from dual;
  select get_stock_price from dual
  ERROR at line 1:
  ORA-29532: Java call terminated by uncaught Java exception:
  java.lang.IllegalAccessException: javax.xml.rpc.ServiceException:
  java.security.AccessControlException: the Permission
  (java.lang.RuntimePermission getClassLoader) has not been granted to USF. The
  PL/SQL to grant this is dbms_java.grant_permission( 'USF',
  'SYS:java.lang.RuntimePermission', 'getClassLoader', '' )
  ORA-06512: at "USF.UTL_DBWS", line 193
  ORA-06512: at "USF.UTL_DBWS", line 190
  ORA-06512: at "USF.GET_STOCK_PRICE", line 17Can you please help me with this ?
  Regards,
  Sandeep

  Hi,
  The error message said
  the Permission(java.lang.RuntimePermission getClassLoader) has not been granted to USF.
  I'd follow the suggestion
  The PL/SQL to grant this is dbms_java.grant_permission( 'USF','SYS:java.lang.RuntimePermission', 'getClassLoader', '' )
  In case you have not done so, consult the Callout Users Guide @
  http://www.oracle.com/technology/sample_code/tech/java/jsp/callout_users_guide.htm
  Kuassi http://db360.blogspot.com